Jeremiah Grossman on Communicating Security Upstream

Jeremiah Grossman (@jeremiahg) is the CTO and Founder of WhiteHat Security, founder of the Web Application Security Consortium (WASC), as well as a frequent speaker at events including Black Hat, RSA, ISACA, CSI, Infosec World, OWASP, ISSA, and Defcon.

Grossman discussed with us, from the point of view of a solutions provider, the challenges of effectively communicating to the executive class the value of security operations as a business enabler.

“A lot of times now security can actually increase the top line, where companies can compete on the security of their offerings… If we speak in terms of dollars and cents, and likelihood and probability, I think we’ll make much more headway and really start to justify the things that we are doing to secure these systems,” Grossman said.

Grossman also explained the findings of some research he did for a Black Hat presentation on JavaScript malware propagation through ad networks that can be used for denial-of-service attacks, not by exploiting a vulnerability, but by leveraging the way the Internet is actually supposed to work…